Israeli authorities have officially charged two 19-year-old teenagers for running vDos, a DDoS-for-hire service, the largest such platform at the time it went down in the autumn of last year.
The service operated from 2012 up to September 2016, and for most of its lifespan, only a few people knew about its existence. The service offered a broad range of DDoS-for-hire services, from monthly "stresser service" subscriptions to rentable botnet infrastructure.
It all started with the PoodleStresser hack
The vDos decline began in the summer of 2016 through one of these rented botnet infrastructures offered to a DDoS hacking crew that went by the name of PoodleCorp.
A vulnerability in PoodleCorp's PoodleStresser allowed other hackers and security professionals to dump data from this third-party botnet, which at the time was mainly used to attack servers belonging to Pokemon GO, Steam, and other gaming services.
Clues from the PoodleStresser source code revealed connections to the vDos API. This data eventually made its way into the hands of infosec investigative journalist Brian Krebs, who in September 2016 published an exposé article on the vDos service and its owners — Yarden “applej4ck” Bidani and Itay “p1st” Huri.
Hours after the Krebs article, acting on an FBI tip, Israeli police arrested the two suspects and took down the service for good [1, 2].
What followed in the aftermath of Bidani and Huri's arrests was a wave of DDoS attacks from the DDoS-for-hire community and dissatisfied vDos customers. The attacks against the KrebsOnSecurity blog entered infosec lore, being the largest DDoS attacks ever recorded at the time they took place. They were also the coming out party for the Mirai IoT botnet.
Israeli officials press charges
On Tuesday [1, 2], this week, Israeli officials moved the investigation along by filing a formal indictment, according to a statement from the Israeli State Department Prosecutor's Office.
The statement doesn't mention the two suspects by name, because they were minors at the time when they committed the crimes, but confirms many of Krebs' other findings.
For example, Israeli investigators validated ties to Lizard Squad and PoodleCorp, and that the vDos operators made over $600,000 from operating the service.
Investigators say vDos was used to launch over 2 million DDoS attacks on sites all over the world. The two used a fake UK company to launder the money they earned via their PayPal accounts and cryptocurrency payments.
According to a mirror of the vDos site, customers could rent a "stress test" package for prices ranging from $29.99 to $199.99 per month.
Shortly after the Krebs article, in October 2016, the FBI also charged two 19-year-old teenagers on suspicion of being members of the Lizard Squad and PoodleCorp hacking crews, two of vDos' most well-known customers. The indictment mentioned ties between the two suspects and Bidani, the main figurehead behind vDos.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now